Skip to:
Content

BuddyPress.org

Opened 15 years ago

Closed 15 years ago

#509 closed defect (bug) (no action required)

Security improvement in group forums

Reported by: burtadsit's profile burtadsit Owned by: burtadsit's profile burtadsit
Milestone: 1.1 Priority: minor
Severity: Version:
Component: Keywords:
Cc:

Description

The password used to access bbpress forums using bbpress_live is just in wp_1_options meta data in plain text. We have a user created in wp/bbpress that has a stored password. Encrypted. The user authentication on the bbpress side uses that username/password and validates access with the user account.

bp should do the same. I know this is sambauers code but this is a definite hole we need to plug.

Change History (6)

#1 @burtadsit
15 years ago

Forgot. Also we should have the password entry/change be the usual enter twice for validation in the backend admin form.

#2 @burtadsit
15 years ago

  • Owner set to burtadsit
  • Status changed from new to assigned

#3 @apeatling
15 years ago

  • Milestone set to Forums 1.1

One for 1.1.

#4 @(none)
15 years ago

  • Milestone Forums 1.1 deleted

Milestone Forums 1.1 deleted

#5 @apeatling
15 years ago

  • Milestone set to 1.1

#6 @apeatling
15 years ago

  • Resolution set to invalid
  • Status changed from assigned to closed

XMLRPC has been removed. Now invalid.

Note: See TracTickets for help on using tickets.